Where Have UAL Been?

Explore the intricacies of Microsoft's User Access Logs (UAL) on Windows Servers in this 32-minute conference talk from OSDFCon 2021. Delve into authentication information, record retention periods, IP/MAC address details, daily authentication counts, and authentication categories. Learn about a parsing tool created by Brian Moran and discover how these logs can be utilized in digital forensics and incident response. Join Brian Moran, a seasoned digital forensic analyst, and Kevin Stokes, a Lead Specialist in KPMG's Cyber Response Services, as they share their extensive experience in the cybersecurity field. Gain insights into KStrike, including a Mac demo, and explore other UAL parsing options. Understand the real-world benefits and goals of UAL analysis in digital forensics investigations.